A vulnerability was found in Contest Gallery Plugin up to 28.1.4/28.1.5 on WordPress. It has been declared as critical. This affects an unknown function. The manipulation of the argument cgLostPasswordEmail/cgl_mail results in sql injection.
This vulnerability is reported as CVE-2026-3180. The attack can be launched remotely. No exploit exists.
